Privacy Protector & Error Cleaner & Spyware/Malware

Topic is closed!
11.09.2008, 08:19
...new here

Posts: 5
#1 Hello everyone,
I am new here in the forum and not a PC expert. I have caught the problem named above and tried to get it under control with CCleaner and ComboFix, as described in the forum. Unfortunately this did not work, as I still get the SystemAlert messages (red blinking circle with a white cross) and Spyware Alert. I have attached the Combo log file and hope that one of you can help me.

ComboFix 08-09-10.02 - Admin 2008-09-11 7:48:23.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.704 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Admin\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\Admin\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\Admin\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\system32\HPqsutwa.ini
C:\WINDOWS\system32\HPqsutwa.ini2
C:\Programme\PCHealthCenter\sc.html . . . . Nicht in der Lage zu löschen

.
((((((((((((((((((((((( Dateien erstellt von 2008-08-11 bis 2008-09-11 ))))))))))))))))))))))))))))))
.

2008-09-11 07:51 . 2008-09-11 07:51 <DIR> d-------- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TmpRecentIcons
2008-09-11 06:42 . 2008-09-11 06:42 <DIR> d-------- C:\Programme\CCleaner
2008-09-11 06:33 . 2008-09-11 06:33 <DIR> d-------- C:\Programme\CleanUp!
2008-09-11 06:32 . 2008-09-11 06:32 <DIR> d-------- C:\cyberJack Base Components
2008-09-10 22:38 . 2008-09-10 22:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-09-10 18:46 . 2008-09-10 18:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-10 17:51 . 2008-09-10 17:51 322,048 --a------ C:\WINDOWS\system32\awtusqPH.dll
2008-09-10 17:50 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-10 17:47 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino3.ico
2008-09-10 17:47 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino2.ico
2008-09-10 17:46 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino1.ico
2008-09-10 17:46 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-10 17:45 . 2008-09-10 17:46 <DIR> d-------- C:\Programme\PCHealthCenter
2008-09-10 17:45 . 2008-09-10 15:51 385,024 --a------ C:\WINDOWS\vmgspntbofv.dll
2008-09-10 17:45 . 2008-09-10 15:51 294,912 --a------ C:\WINDOWS\dtseqrxk.dll
2008-09-10 17:45 . 2008-09-10 15:51 204,800 --a------ C:\WINDOWS\mgxfebsq.dll
2008-09-10 17:45 . 2008-09-10 15:51 188,416 --a------ C:\WINDOWS\fqbewlna.dll
2008-09-10 17:45 . 2008-09-10 15:51 94,208 --a------ C:\WINDOWS\mqgldfvo.exe
2008-09-10 17:45 . 2008-09-08 17:32 31,232 --a------ C:\x
2008-08-14 08:10 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 08:02 . 2008-06-24 18:42 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-14 08:01 . 2008-07-07 22:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-08-14 08:00 . 2008-06-26 10:12 1,499,136 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 08:00 . 2008-06-26 10:12 620,544 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-14 08:00 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 05:33 9,550 ----a-w C:\WINDOWS\system32\Fxxplfnt.tmp
2008-09-10 16:32 90,112 ----a-w C:\WINDOWS\DUMP3641.tmp
2008-08-05 12:25 --------- d-----w C:\Programme\Sun
2008-08-05 12:24 --------- d-----w C:\Programme\Java
2008-08-05 12:21 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-07-27 18:53 --------- d-----w C:\Programme\Google
2008-07-27 18:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-07-21 19:04 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-17 13:41 --------- d-----w C:\Programme\StarMoney 6.0
2008-07-16 21:47 --------- d-----w C:\Programme\REINER SCT
2008-07-16 21:47 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberJack Base Components
2008-07-16 21:19 --------- d-----w C:\Programme\MSXML 4.0
2008-07-16 21:18 --------- d-----w C:\Programme\StarMoney 4.0 S-Edition
2008-07-15 09:57 --------- d-----w C:\Programme\Siemens Data Suite
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\XCPCSync
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\Siemens AG Shared
2008-07-14 16:56 --------- d-----w C:\Programme\Acer
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:10 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:10 671,744 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:10 3,088,384 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2000-01-07 09:53 696,320 ----a-w C:\Programme\Gemeinsame Dateien\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Programme\Gemeinsame Dateien\XCPCMenu.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB78543-B4AE-40C9-8366-4FE59CBA3288}]
2008-09-10 17:51 322048 --a------ C:\WINDOWS\system32\awtusqPH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA3AF6A4-8AAE-468C-AE0C-FE212D350913}]
2008-09-10 15:51 385024 --a------ C:\WINDOWS\vmgspntbofv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A00C7A68-87B7-4CAE-9470-6B7CD75E4F23}"= "C:\WINDOWS\fqbewlna.dll" [2008-09-10 188416]

[HKEY_CLASSES_ROOT\clsid\{a00c7a68-87b7-4cae-9470-6b7cd75e4f23}]
[HKEY_CLASSES_ROOT\fqbewlna.1]
[HKEY_CLASSES_ROOT\TypeLib\{F17AB739-89CD-4039-A7FC-7DE4903992CD}]
[HKEY_CLASSES_ROOT\fqbewlna]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dtseqrxk"= {7CC35352-E8FA-4E3B-ACF3-C1ECA13989BB} - C:\WINDOWS\dtseqrxk.dll [2008-09-10 294912]
"mgxfebsq"= {493C46BF-ECAC-49BC-9AB6-685053BBFE11} - C:\WINDOWS\mgxfebsq.dll [2008-09-10 204800]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=

R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784]
R2 AVM BT Connection Service;AVM BT Connection Service;C:\Programme\avmclient\avmbtservice.exe [2004-05-27 299087]
R2 AvmObexService;AVM BT OBEX Service;C:\Programme\avmclient\AvmObexService.exe [2004-05-27 172032]
R2 cjpcsc;cyberJack PC/SC COM Service ;C:\WINDOWS\system32\cjpcsc.exe [2008-01-07 652592]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-09-02 78208]
R3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;C:\WINDOWS\system32\DRIVERS\avmbtpar.sys [2004-05-27 60032]
R3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;C:\WINDOWS\system32\DRIVERS\avmbtser.sys [2004-05-27 61056]
R3 AVMBTSND;AVM Bluetooth Audio Driver;C:\WINDOWS\system32\drivers\avmbtsnd.sys [2004-05-27 49664]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-31 23040]
R3 SMBBATT;Microsoft Smart Battery-Treiber;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-13 16000]
S2 AVM BT PAN Service;AVM BT PAN Service;C:\Programme\avmclient\panapp.exe [2004-05-27 135229]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys [2004-05-27 53120]
S3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 37568]
S3 bfhubase;BlueFRITZ! USB 2.5(WinXP/2000);C:\WINDOWS\system32\DRIVERS\bfhubase.sys [2004-05-27 796192]
S3 CAPI_CIP;AVM Bluetooth CAPI-Controller;C:\WINDOWS\system32\DRIVERS\capi_cip.sys [2004-05-27 374144]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;C:\WINDOWS\system32\DRIVERS\fpcmbase.sys [2001-08-17 441728]
S3 NETBFPAN;AVM Bluetooth Netzwerkadapter;C:\WINDOWS\system32\DRIVERS\netbfpan.sys [2004-05-27 35914]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS [ ]
S3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [ ]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-22 179712]
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\7ruh001h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 07:51:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8180]
"ImagePath"="system32\DRIVERS\RTL8180.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMBBATT]
"ImagePath"="system32\DRIVERS\SMBBATT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMBHC]
"ImagePath"="system32\DRIVERS\SMBHC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{608C8C61-E63D-400F-93F9-B81BE21A1F4D}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tifm21]
"ImagePath"="system32\drivers\tifm21.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w29n51]
"ImagePath"="system32\DRIVERS\w29n51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WHL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{25AE98B2-8471-4A9A-913D-7D2A624E2F01}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6B12240F-AF03-4FA2-B5F3-5BDFD6554391}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{86E354CB-6F94-4931-B1CF-AAB046E3F9AA}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{8BA1B0BE-954C-4C4D-AF37-E1E7FC44DB9D}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{D49138D6-31E3-4F51-90C0-795F024AD21A}]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\msi.dll
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRAMME\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAMME\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMME\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\ARCADE\PCMSERVICE.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\ACER\EPM\EPM-DM.EXE
C:\PROGRAMME\LAUNCH MANAGER\QTZGACER.EXE
C:\PROGRAMME\FREEPDF_XP\FPASSIST.EXE
C:\PROGRAMME\ADOBE\READER 8.0\READER\READER_SL.EXE
C:\PROGRAMME\AVMCLIENT\BLUEFRITZ.EXE
C:\PROGRAMME\AVMCLIENT\AVMOBEX.EXE
C:\PROGRAMME\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
C:\PROGRAMME\AVMCLIENT\AVMOBEX.EXE
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-09-11 7:54:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-09-11 05:54:54
ComboFix2.txt 2008-09-11 05:39:56

Pre-Run: 14 Verzeichnis(se), 16,593,944,576 Bytes frei
Post-Run: 39 Verzeichnis(se), 16,578,609,152 Bytes frei

761 --- E O F --- 2008-08-14 07:12:54

11.09.2008, 10:13
Moderator

Posts: 7805
#2 Please also have Mbam scan the computer and let it remove everything it finds. Then please post the report it generates.
__________
Best regards, Ralf
SEO-Spam Hunter
11.09.2008, 10:34
...new here

Thread starter

Posts: 5
#3 Hello raman,
I have done that in the meantime, and it looks as if everything is running normally again.
If there is anything else I need to do, I would be very glad to hear about it.
Best regards
Markus

Here is the log file from Mbam

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1137
Windows 5.1.2600 Service Pack 3

11.09.2008 10:02:48
mbam-log-2008-09-11 (10-02-48).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 39800
Laufzeit: 5 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 20
Infizierte Dateiobjekte der Registrierung: 18
Infizierte Verzeichnisse: 1
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\awtusqPH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\dtseqrxk.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\mgxfebsq.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48b5e035-9d21-4a4f-9a06-f43e8d4726c5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{48b5e035-9d21-4a4f-9a06-f43e8d4726c5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7cc35352-e8fa-4e3b-acf3-c1eca13989bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f17ab739-89cd-4039-a7fc-7de4903992cd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8c85adb0-ad5f-4278-8d08-bb6e528e0e74} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a00c7a68-87b7-4cae-9470-6b7cd75e4f23} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{493c46bf-ecac-49bc-9ab6-685053bbfe11} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e32f6596-6e2d-4747-b34a-f4531515e1e6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{52e20e48-e4d8-4fd6-8522-7a927f56f31f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{66dab26c-18c5-4c70-97ca-c173aab4771a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa3af6a4-8aae-468c-ae0c-fe212d350913} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa3af6a4-8aae-468c-ae0c-fe212d350913} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bqfs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur74.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur75.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur77.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur74.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur75.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur77.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a00c7a68-87b7-4cae-9470-6b7cd75e4f23} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mgxfebsq (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtusqph -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtusqph -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76416-OEM-0011903-00100) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\awtusqPH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\HPqsutwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HPqsutwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\dtseqrxk.dll (Trojan.Zlob) -> Delete on reboot.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fqbewlna.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mgxfebsq.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vmgspntbofv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TmpRecentIcons\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Admin\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
11.09.2008, 11:36
Moderator

Posts: 7805
#4 Yes, please create one more new ComboFix report; it shows better whether Mbam may have missed anything.
__________
Best regards, Ralf
SEO-Spam Hunter
11.09.2008, 11:44
...new here

Thread starter

Posts: 5
#5 Hello Ralf,
can you tell me how I can create it? I have already removed ComboFix again via Start-Run-ComboFix /U (I read that in several posts).
I would appreciate a short reply from you.
Regards, Markus
11.09.2008, 11:47
Moderator

Posts: 7805
#6 Just download it again and run it...
__________
Best regards, Ralf
SEO-Spam Hunter
11.09.2008, 11:59
...new here

Thread starter

Posts: 5
#7 Hello Ralf,
attached is the current ComboFix report. I hope everything is OK again.
I look forward to your reply.
Regards, Markus

ComboFix 08-09-10.02 - Admin 2008-09-11 11:50:56.3 - FAT32x86
ausgeführt von:: F:\ComboFix.exe

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-08-11 bis 2008-09-11 ))))))))))))))))))))))))))))))
.

2008-09-11 10:12 . 2008-09-11 10:12 <DIR> d-------- C:\Programme\Avira
2008-09-11 10:12 . 2008-09-11 10:12 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-09-11 09:54 . 2008-09-11 09:54 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-09-11 09:54 . 2008-09-11 09:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-09-11 09:54 . 2008-09-11 09:54 <DIR> d-------- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
2008-09-11 09:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 09:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 06:42 . 2008-09-11 06:42 <DIR> d-------- C:\Programme\CCleaner
2008-09-11 06:33 . 2008-09-11 06:33 <DIR> d-------- C:\Programme\CleanUp!
2008-09-11 06:32 . 2008-09-11 06:32 <DIR> d-------- C:\cyberJack Base Components
2008-09-10 22:38 . 2008-09-10 22:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-09-10 18:46 . 2008-09-10 18:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-14 08:10 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 08:02 . 2008-06-24 18:42 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-14 08:01 . 2008-07-07 22:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-08-14 08:00 . 2008-06-26 10:12 1,499,136 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 08:00 . 2008-06-26 10:12 620,544 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-14 08:00 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 08:05 9,550 ----a-w C:\WINDOWS\system32\Fxxplfnt.tmp
2008-09-10 16:32 90,112 ----a-w C:\WINDOWS\DUMP3641.tmp
2008-08-05 12:25 --------- d-----w C:\Programme\Sun
2008-08-05 12:24 --------- d-----w C:\Programme\Java
2008-08-05 12:21 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-07-27 18:53 --------- d-----w C:\Programme\Google
2008-07-27 18:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-07-21 19:04 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-17 13:41 --------- d-----w C:\Programme\StarMoney 6.0
2008-07-16 21:47 --------- d-----w C:\Programme\REINER SCT
2008-07-16 21:47 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberJack Base Components
2008-07-16 21:19 --------- d-----w C:\Programme\MSXML 4.0
2008-07-16 21:18 --------- d-----w C:\Programme\StarMoney 4.0 S-Edition
2008-07-15 09:57 --------- d-----w C:\Programme\Siemens Data Suite
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\XCPCSync
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\Siemens AG Shared
2008-07-14 16:56 --------- d-----w C:\Programme\Acer
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:10 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:10 671,744 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:10 3,088,384 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2000-01-07 09:53 696,320 ----a-w C:\Programme\Gemeinsame Dateien\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Programme\Gemeinsame Dateien\XCPCMenu.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2004-08-27 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"EPM-DM"="C:\Acer\ePM\EPM-DM.exe" [2004-11-03 163840]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-11-03 2883584]
"LManager"="C:\Programme\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2005-01-06 131584]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVMBlueClient"="C:\Programme\avmclient\bluefritz.exe" [2004-05-27 1482752]
"AVMBLUEOBEX"="C:\Programme\avmclient\AvmObex.exe" [2004-05-27 352256]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"klickIdentPP.exe"="C:\Programme\klickIdent Herbst 2007\klickIdentPP.exe" [2007-07-30 855552]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=

R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784]
R2 AVM BT Connection Service;AVM BT Connection Service;C:\Programme\avmclient\avmbtservice.exe [2004-05-27 299087]
R2 AvmObexService;AVM BT OBEX Service;C:\Programme\avmclient\AvmObexService.exe [2004-05-27 172032]
R2 cjpcsc;cyberJack PC/SC COM Service ;C:\WINDOWS\system32\cjpcsc.exe [2008-01-07 652592]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-09-02 78208]
R3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;C:\WINDOWS\system32\DRIVERS\avmbtpar.sys [2004-05-27 60032]
R3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;C:\WINDOWS\system32\DRIVERS\avmbtser.sys [2004-05-27 61056]
R3 AVMBTSND;AVM Bluetooth Audio Driver;C:\WINDOWS\system32\drivers\avmbtsnd.sys [2004-05-27 49664]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-31 23040]
R3 SMBBATT;Microsoft Smart Battery-Treiber;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-13 16000]
S2 AVM BT PAN Service;AVM BT PAN Service;C:\Programme\avmclient\panapp.exe [2004-05-27 135229]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys [2004-05-27 53120]
S3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 37568]
S3 bfhubase;BlueFRITZ! USB 2.5(WinXP/2000);C:\WINDOWS\system32\DRIVERS\bfhubase.sys [2004-05-27 796192]
S3 CAPI_CIP;AVM Bluetooth CAPI-Controller;C:\WINDOWS\system32\DRIVERS\capi_cip.sys [2004-05-27 374144]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;C:\WINDOWS\system32\DRIVERS\fpcmbase.sys [2001-08-17 441728]
S3 NETBFPAN;AVM Bluetooth Netzwerkadapter;C:\WINDOWS\system32\DRIVERS\netbfpan.sys [2004-05-27 35914]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS [ ]
S3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [ ]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-22 179712]

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\7ruh001h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.de
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 11:54:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-09-11 11:54:45
ComboFix2.txt 2008-09-11 05:55:00
ComboFix-quarantined-files.txt 2008-09-11 09:54:42

Pre-Run: 14 Verzeichnis(se), 17,859,936,256 Bytes frei
Post-Run: 39 Verzeichnis(se), 17,872,650,240 Bytes frei

160 --- E O F --- 2008-08-14 07:12:54
11.09.2008, 12:05
Moderator

Posts: 7805
#8 Please also delete

C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\DUMP3641.tmp

and then uninstall Combofix again...
__________
Best regards, Ralf
SEO-Spam Hunter
11.09.2008, 12:10
...new here

Thread starter

Posts: 5
#9 Hello Ralf,
thank you very much for your help.
I hope this doesn't happen to me again.
Best regards
Markus